Month: April 2025

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. Continue reading CVE-2025-27470 Windows Standards-Based Storage Management Service Denial of Service Vulnerability→

Insufficient verification of data authenticity in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. Continue reading CVE-2025-27735 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability→

Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network. Continue reading CVE-2025-27471 Microsoft Streaming Service Denial of Service Vulnerability→

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-27490 Windows Bluetooth Service Elevation of Privilege Vulnerability→

Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. Continue reading CVE-2025-26688 Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability→

Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. Continue reading CVE-2025-27481 Windows Telephony Service Remote Code Execution Vulnerability→

Use after free in Windows Win32K – GRFX allows an unauthorized attacker to elevate privileges over a network. Continue reading CVE-2025-26687 Win32k Elevation of Privilege Vulnerability→

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. Continue reading CVE-2025-26664 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability→